Filtered by vendor Hitachi Subscriptions
Total 195 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-2497 1 Hitachi 2 Web Page Generator, Web Page Generator Enterprise 2024-08-08 N/A
Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2004-2493 1 Hitachi 2 Groupmax World Wide Web, Groupmax World Wide Web Desktop 2024-08-08 N/A
Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter.
CVE-2004-2452 1 Hitachi 1 Cosminexus Portal Framework 2024-08-08 N/A
Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the <ut:cache> tag library.
CVE-2004-2421 1 Hitachi 3 Jp1 P-1b41-9461, Jp1 P-1b41-9471, Jp1 P-1j41-9471 2024-08-08 N/A
Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights.
CVE-2004-2420 1 Hitachi 3 Jp1 P-1b41-9461, Jp1 P-1b41-9471, Jp1 P-1j41-9471 2024-08-08 N/A
Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7 allows remote attackers to cause a denial of service (daemon halt) via a port scan involving reset packets.
CVE-2004-1478 2 Hitachi, Macromedia 4 Cosminexus Enterprise, Cosminexus Server, Coldfusion and 1 more 2024-08-08 N/A
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.
CVE-2004-0928 2 Hitachi, Macromedia 4 Cosminexus Enterprise, Cosminexus Server, Coldfusion and 1 more 2024-08-08 N/A
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
CVE-2005-4578 1 Hitachi 1 Business Logic 2024-08-07 N/A
Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form.
CVE-2005-4579 1 Hitachi 1 Business Logic 2024-08-07 N/A
Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form.
CVE-2005-4577 1 Hitachi 1 Business Logic 2024-08-07 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in an unspecified input form.
CVE-2005-4324 1 Hitachi 1 Groupmax Mail Smtp 2024-08-07 N/A
Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07-20 allows remote attackers to cause a denial of service (service stop) via an e-mail message with an "invalid format."
CVE-2005-4323 1 Hitachi 3 Cosminexus Collaboration Portal, Groupmax Collaboration Portal, Groupmax Collaboration Web Client 2024-08-07 N/A
Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to cause a denial of service of unspecified impact via repeated invalid requests to the Schedule component.
CVE-2005-4322 1 Hitachi 3 Cosminexus Collaboration Portal, Groupmax Collaboration Portal, Groupmax Collaboration Web Client 2024-08-07 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to inject arbitrary web script or HTML via the (1) Schedule and (2) Calendar components.
CVE-2005-3719 1 Hitachi 1 Ip5000 Voip Wifi Phone 2024-08-07 N/A
Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration.
CVE-2005-3720 1 Hitachi 1 Ip5000 Voip Wifi Phone 2024-08-07 N/A
The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions.
CVE-2005-3723 1 Hitachi 1 Ip5000 Voip Wifi Phone 2024-08-07 N/A
Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access the Unidata Shell to obtain sensitive information or cause a denial of service.
CVE-2005-3722 1 Hitachi 1 Ip5000 Voip Wifi Phone 2024-08-07 N/A
The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows remote attackers to gain read or write access to system configuration using arbitrary SNMP credentials.
CVE-2005-3721 1 Hitachi 1 Ip5000 Voip Wifi Phone 2024-08-07 N/A
The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration.
CVE-2005-3164 2 Apache, Hitachi 2 Tomcat, Cosminexus Application Server 2024-08-07 N/A
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
CVE-2005-0356 9 Alaxala, Cisco, F5 and 6 more 76 Alaxala Networks, Agent Desktop, Aironet Ap1200 and 73 more 2024-08-07 N/A
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.